GreatResponder.com (http://greatresponder.com)
Web and Cloud Hosting News

Bots and Form Letters Make It Nearly Impossible to Find Real FCC Net Neutrality Comments
http://greatresponder.com/2017/12/13/bots-and-form-letters-make-it-nearly-impossible-to-find-real-fcc-net-neutrality-comments/
Wed, 13 Dec 2017 18:01:21 +0000

The Federal Communications Commission’s public comment period on its plans to repeal net neutrality protections was bombarded with bots, memes, and input from people who don’t actually exist. The situation’s gotten so bad that FCC Commissioner Jessica Rosenworcel, as well as several members of Congress, including one Republican, have called for the FCC to postpone […]

The FCC seems unlikely to comply. According to an FCC spokesman, the FCC is zeroing in on legal arguments within those comments, effectively disregarding any outpouring of support for net neutrality from regular Joes. “The purpose of a rulemaking proceeding is not to see who can dump the most form letters into a docket. Rather, it is to gather facts and legal arguments so that the Commission can reach a well-supported decision,” Brian Hart, the FCC’s head of media relations, tells WIRED. Now, the Commission is barreling ahead toward Chairman Ajit Pai’s plan to essentially allow internet service providers to speed up or slow down internet traffic however they please.

So, with the FCC declining to investigate its own comments, we decided to undertake an analysis of our own.

Yes, researchers have already sliced and diced the data. But parsing 23 million comments can quickly bend toward abstraction. How many of those commenters are real? How many are bots? How many were real, but using identical form letters drafted by advocacy groups?

For a better handle on just how broken the FCC comment system is, we went granular, analyzing all of the submissions that fell under a single name. We wanted a name that was common enough to produce a decent number of hits (so, you know, not Issie Lapowsky), but singular enough that we could actually mine them in a few days (tough luck, James Smith). We settled on Nicholas Thompson, WIRED’s editor in chief, and excluded any Nicks, or Nicholas Thompsons who also supplied a middle initial.

That left us with 39 results between May 11 and December 8 of this year. Using a combination of Facebook, public records tools like Spokeo and Nexis, and the good old-fashioned telephone, we attempted to make contact with each of them. It’s far from a perfect or scientific sample, but it does help illuminate what the chaos in the FCC’s comments looks like up close. Here’s what we found:

The Bots

Let’s start with the outright fakes, since they’re in some ways the easiest to sniff out. To find the bot Nicholas Thompsons in our sample, we enlisted the help of FiscalNote, a company that processes public comments on behalf of corporations to help them make sense of the policy landscape. Researchers at FiscalNote previously identified nearly one million comments as bot submissions, all of them opposing net neutrality. Each one followed the same paragraph pattern, stringing together 35 synonymous words and phrases in a particular order to form similar, but not identical, comments.

FiscalNote’s vice president of research Vlad Eidelman found six comments that fit that pattern among the 39 Nicholas Thompsons, all submitted over the course of eight days in May. They included strange grammatical formations, like in the example below:

Dear Chairman Pai, I am concerned about internet regulations. I suggest the commission to repeal Tom Wheeler’s decision to control the Internet. Internet users, rather than so-called experts, should be empowered to enjoy whichever applications we want. Tom Wheeler’s decision to control the Internet is a exploitation of the open Internet. It ended a pro-consumer policy that functioned very, very successfully for a long time with bipartisan support.

Four of the bots were attached to fake home addresses, according to public records searches. The one below was associated with an email address that’s available for purchase on emaildownload.org:

Chairman Pai: In the matter of the FCC’s so-called Open Internet order. I want to recommend you to overturn The previous administration’s decision to take over broadband. Internet users, not Washington, should be free to purchase the applications we choose. The previous administration’s decision to take over broadband is a perversion of net neutrality. It ended a market-based policy that worked very, very successfully for a long time with broad bipartisan support.

Some bot-generated comments, though, used real names and addresses. Using the email address connected to one of these bot comments, we were able to track down one real Nicholas Thompson whose name and old address in Los Angeles were being used without his knowledge.

Thompson, who now lives in Portland, says he had submitted a pro-net neutrality comment to the FCC earlier this year. When we reached him by phone, he was angry to know that his authentic comment had been effectively cancelled out by a fake comment using his information. “That’s pretty messed up. It’s pretty sneaky on whoever decided to do that,” Thompson says. “I feel, for lack of a better term, just robbed of my voice.”

Confirmed Bots: 6
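
The pattern described above, a fixed paragraph skeleton with interchangeable synonyms, defeats exact-duplicate and n-gram matching but not skeleton matching. The following is an added example, not FiscalNote's or WIRED's method: it learns the word runs shared by the two bot comments quoted above and checks other comments against them. The function names and the `min_run` threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# The two bot comments quoted in the article (apostrophes normalised to ASCII).
BOT_A = (
    "Dear Chairman Pai, I am concerned about internet regulations. "
    "I suggest the commission to repeal Tom Wheeler's decision to control the Internet. "
    "Internet users, rather than so-called experts, should be empowered to enjoy "
    "whichever applications we want. "
    "Tom Wheeler's decision to control the Internet is a exploitation of the open Internet. "
    "It ended a pro-consumer policy that functioned very, very successfully for a long "
    "time with bipartisan support."
)
BOT_B = (
    "Chairman Pai: In the matter of the FCC's so-called Open Internet order. "
    "I want to recommend you to overturn The previous administration's decision to take "
    "over broadband. "
    "Internet users, not Washington, should be free to purchase the applications we choose. "
    "The previous administration's decision to take over broadband is a perversion of net "
    "neutrality. "
    "It ended a market-based policy that worked very, very successfully for a long time "
    "with broad bipartisan support."
)
# One of the unique comments quoted later in the article, used as a negative sample.
GENUINE = (
    "I oppose the repealing or potential loosening of net neutrality rules in all forms, "
    "and wish for the full extent of it as known to the public to be preserved. "
    "Please do not take any actions that directly lead to that."
)


def sentences(text):
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def shingle_jaccard(a, b, k=3):
    """Classic near-duplicate score: Jaccard similarity of k-word shingles."""
    def shingles(text):
        t = tokens(text)
        return {tuple(t[i:i + k]) for i in range(len(t) - k + 1)}
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def learn_template(sample_a, sample_b, min_run=2):
    """Per sentence, keep the word runs (>= min_run tokens) both samples share in order.

    Runs shorter than min_run are dropped so that a coincidental shared "the" or
    "to" does not become a required anchor. The gaps between runs are the slots.
    """
    sa, sb = sentences(sample_a), sentences(sample_b)
    if len(sa) != len(sb):
        raise ValueError("samples do not share a sentence structure")
    template = []
    for x, y in zip(sa, sb):
        tx, ty = tokens(x), tokens(y)
        blocks = SequenceMatcher(None, tx, ty, autojunk=False).get_matching_blocks()
        template.append([tx[b.a:b.a + b.size] for b in blocks if b.size >= min_run])
    return template


def find_run(toks, run, start):
    """Index just past the first occurrence of run at or after start, else -1."""
    for i in range(start, len(toks) - len(run) + 1):
        if toks[i:i + len(run)] == run:
            return i + len(run)
    return -1


def matches_template(template, text):
    """True if every sentence contains its anchor runs in order, whatever fills the slots."""
    sents = sentences(text)
    if len(sents) != len(template):
        return False
    for anchors, sent in zip(template, sents):
        toks, pos = tokens(sent), 0
        for run in anchors:
            pos = find_run(toks, run, pos)
            if pos < 0:
                return False
    return True


if __name__ == "__main__":
    template = learn_template(BOT_A, BOT_B)
    print("3-shingle Jaccard, bot A vs bot B:", round(shingle_jaccard(BOT_A, BOT_B), 3))
    for label, text in (("bot A", BOT_A), ("bot B", BOT_B), ("genuine", GENUINE)):
        print(label, "matches template:", matches_template(template, text))
```

A template learned from only two samples is a starting signature; anchors should be re-learned as more confirmed samples arrive, and a match is a reason to review a comment, not proof of its origin.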

The Form Letters

Form letters are comments that advocacy groups draft for their members to submit en masse. According to Pew Research, only 6 percent of the roughly 23 million comments submitted to the FCC were actually unique. The rest were a combination of form letters and bots. The most popular form, submitted 2.8 million times, was a pro-net neutrality comment drafted by the advocacy group Battle for the Net. Eight Nicholas Thompsons submitted comments associated with Battle for the Net, each one linked to an authentic street address, though we couldn’t confirm their identities directly.

Here’s one of them:

The FCC’s Open Internet Rules (net neutrality rules) are extremely important to me. I urge you to protect them. I don’t want ISPs to have the power to block websites, slow them down, give some sites an advantage over others, or split the Internet into “fast lanes” for companies that pay and “slow lanes” for the rest.

Three other Nicholas Thompsons submitted comments connected to the group Taxpayers Protection Alliance, which Pew says was responsible for spreading some of the most widely used anti-net neutrality messages. All three of those comments tracked to real addresses associated with Thompson families. Here’s one example:

Obama’s Federal Communications Commission (FCC) forced regulations on the internet that put the government, and unaccountable bureaucrats, in control. These rules have cost taxpayers, slowed down broadband infrastructure investment, and hindered competition and choice for Americans. The time to remove the regulatory stranglehold on the internet is NOW. I urge the taxpayer-funded FCC to undo the terrible regulatory burdens that ex-FCC Chairman Tom Wheeler imposed on the internet. After 20 years, and trillions of dollars in infrastructure investment, there is no reason for the government to come in and ruin what has been a thriving tool that has changed the way we all live. Chairman Pai’s proposal to repeal Title II regulations will ensure the continued growth of a dynamic, open internet for all American consumers and taxpayers.

Confirmed Form Letters: 11

The Real Nick Thompsons

In the end, we were able to directly contact three, actual sentient beings named Nicholas Thompson who either picked up their phones or answered our Facebook messages and confirmed their identities. All three supported net neutrality. One of them had submitted the Battle for the Net form letter mentioned above.

The other two submitted unique comments:

I am writing to express my strong opposition to the repeal of net neutrality. It is an assault on the right of all Americans to an open and equitable internet. The internet has not only become essential for cultural, artistic, social and educational purposes, but has largely replaced other methods of doing essential tasks such as registering with government agencies, paying bills, renewing licenses, etc. In some of these cases the older methods have even been phased out completely, leaving the internet as the ONLY option. It is therefore a public utility that all have an equal right to and it is shameful and abhorrent that there is any attempt at all to repeal net neutrality. Thank you for your consideration.

And:

I oppose the repealing or potential loosening of net neutrality rules in all forms, and wish for the full extent of it as known to the public to be preserved. Please do not take any actions that directly lead to that.

For those keeping score at home, that’s less than 8 percent that we were able to positively confirm over the course of several days. That’s with a pool of 39 comments. Now multiply that task by more than 600,000, and you’ll see what the FCC is up against.

Confirmed Nicholas Thompsons: 3

The Unknowns

It remains unclear who, or what, was behind the remaining comments—nearly half overall. Among the comments that opposed net neutrality, several seemed likely to be fake. One comment, below, was submitted identically by three Nicholas Thompsons, including two who provided home addresses that don’t exist. According to Pew, that same comment was submitted nearly 1.3 million times overall, suggesting many of them may have been fake.

Before leaving office, the Obama Administration rammed through a massive scheme that gave the federal government broad regulatory control over the internet. That misguided policy decision is threatening innovation and hurting broadband investment in one of the largest and most important sectors of the U.S. economy. I support the Federal Communications Commission’s decision to roll back Title II and allow for free market principles to guide our digital economy.

Two more anti-net neutrality comments submitted by Nicholas Thompsons used real addresses linked to Thompson families, but the text of the comment was identical to one that was also flagged by a Redditor named Shaun Seckman. Seckman says his name and old address were also used without his permission to send the same message, which read:

Obama’s Net Neutrality order was the corrupt result of a corrupt process controlled by Silicon Valley special interests. It gives some of the biggest companies in the world a free ride at the expense of consumers and should be immediately repealed!

“This post was absolutely not made by me,” Seckman wrote. “I am in favor of Net Neutrality and would not have made such comments.” Given that the message matches the ones supposedly sent by two Nicholas Thompsons, it seems they may be fake, as well.

The rest are a mystery. Some appear to be form letters whose origins are unclear, because the text doesn’t appear elsewhere online. Others used real home addresses, but people finder sites like Spokeo and Nexis didn’t turn up any Thompsons living there. Those sites, of course, are riddled with inaccuracies of their own. Several other comments were likely fake, because they were submitted using home addresses that don’t exist. At least one was likely real, given it was a unique comment, attached to an authentic address belonging to a Nicholas Thompson, whose voicemail recording includes his name. But without talking to each of these remaining Nicholas Thompsons, it’s impossible to know for sure.

The utter messiness of this tiny sample alone demonstrates just how much is unknown about the comments the FCC received, and which it is required by law to consider.

As a workaround, the FCC has decided to ignore the majority of comments submitted by the public in favor of lengthy legal arguments submitted by interest groups and corporations. In doing so, it undermines the only real tool the public has to express their opinions about the rules that govern them. It’s silencing their voices more than a million bots ever could.

The 3 Biggest Challenges That Every Entrepreneur Faces–and How to Solve Them
http://greatresponder.com/2017/12/12/the-3-biggest-challenges-that-every-entrepreneur-faces-and-how-to-solve-them/
Tue, 12 Dec 2017 18:00:38 +0000

Pete Ghiorse, Peter Tight, and James Ghiorse have a vision of transforming the way people give back.

Their iOS app, GiveTide, seeks to make charitable giving effortless by letting users link their credit cards, round purchases up to the nearest dollar, and donate the spare change (similar to apps like Givelify and Uback). It may not be a household name yet, but the three co-founders have already done a few things that should serve as a model for other entrepreneurs.

That’s the sense I got, anyway, after meeting them last January on a Facebook group for East Coast entrepreneurs and hearing their story. Specifically, they did three things that I think every entrepreneur can — and should — do:

1. Solve a personal problem.

“We’re sorry, the minimum monthly gift amount is $25.”

That’s the message Pete Ghiorse received when he tried to set up a $5 monthly donation to his favorite nonprofit.

It shocked him that a nonprofit would actually refuse money, even if it came in small bills. But on further investigation, it turned out to be a problem with the platform, not the nonprofit.

“The fundraising tools and methods nonprofits have at their disposal haven’t changed in decades,” he explains.

This experience was the impetus for GiveTide. He knew he couldn’t be the only one wanting to donate a few dollars at a time, which meant nonprofits were missing out on a significant revenue source.

Often, the “light bulb” moment for an entrepreneur comes from a personal experience. That’s how it’s worked for me: It was only after nearly going bankrupt on a bad deal that my own agency came up with Roadmapping, a product offering that completely turned our business around.

But the light bulb moment isn’t enough. It’s important to solve a problem you understand — and the specifics of that solution shouldn’t come from the founder. Which brings us to…

2. Get answers from customers.

The inspiration for GiveTide came from personal experience, but Ghiorse and his co-founders understood that one light bulb experience does not a company make.

“We did countless hours of research and had hundreds of conversations,” Ghiorse says. “Through it all, we identified three key barriers to giving: financial, procedural, and social.”

Accordingly, the founders designed GiveTide to remove these barriers.

I’ve also found this to be helpful — it’s a foundational part of my agency business. One of our foundational priorities is to minimize founder-driven design: The only “true” answers come from users.

We spend countless hours testing our apps and design decisions with users, as that’s the only way to know what’s working and what needs to change. And whether it’s a mobile app or a physical product, that’s something every entrepreneur should do.

3. Push through barriers.

Ghiorse says GiveTide’s road to launching was initially clear. “We realized there were barely any charitable giving apps on the App Store, and none whatsoever that did what we were trying to build. We thought that was a good thing,” he explained.

Unfortunately, they missed something.

“Months into development, we discovered that Apple has a big, bold, double underlined section in their development guidelines stating that charitable giving apps are absolutely not allowed,” Ghiorse said.

This might have left them dead in the water. But instead of taking the rules at face value, they changed them. One 20-page appeal and several months later, Apple approved an exception to the rule and GiveTide was go for launch.

The GiveTide story is an instructive lesson in entrepreneurship: It demonstrates that when looking for business ideas, nothing beats a problem you’ve personally experienced. Identifying problems and pain points that you deal with personally is one of the best ways to make sure you’re creating something that people actually want.

However, no matter where the problem comes from, the solution should always be based on customer preference. As a founder, you start out with assumptions. Your job is to test them with customers and revise based on that data.

And finally, perhaps the most important lesson here is that no problem is insurmountable. If you’re driven, dedicated, and creative enough, you can find a workaround for almost anything.

When faced with an opportunity, sometimes the best thing is to jump on it and figure out the specifics later. In my own experience with Rootstrap, I’ve found that having a plan is important — but if you allow building the plan to get in the way of building the product, you’re lost.

Sometimes the best course of action is to jump on an opportunity even if you aren’t sure how you’ll execute.

How to Get an Apple iPhone X in Time for Christmas
http://greatresponder.com/2017/12/11/how-to-get-an-apple-iphone-x-in-time-for-christmas/
Mon, 11 Dec 2017 18:00:19 +0000

If you’re hoping to get your hands on the iPhone X before the holidays, there’s now a better chance than ever of you actually doing it.

Apple is now promising as little as two-day waiting periods on the order of new iPhone X units through its online store. As of this writing, customers who buy either the 64GB or 256GB iPhone X from any carrier will be able to get it within the next several days. An unlocked iPhone X that can be used on any carrier network will also ship within the next couple of days.

Apple released the iPhone X last month. The smartphone comes with a 5.8-inch display and ditches thick bezels, leaving no room for a physical home button. Apple has ditched its Touch ID fingerprint sensor in the iPhone X and now incorporates a Face ID facial scanner in its place that gives users access to its software and verifies purchases through Apple Pay. The iPhone X starts at $999 for the 64GB version, but jumps to $1,149 for the 256GB option.

Since its release last month, the iPhone X has been somewhat difficult to find on store shelves, though its availability has been better than some had anticipated before its release. At that time, reports had suggested Apple was running into assembly problems that constricted supply. But it appears now that those apparent problems have been overcome and the company can now satisfy demand.

Apple’s carrier partners—including Verizon, AT&T, Sprint, and T-Mobile—also sell the handset through their stores. They all have available units.

Here's How The Next Big Thing Really Happens
http://greatresponder.com/2017/12/10/heres-how-the-next-big-thing-really-happens/
Sun, 10 Dec 2017 18:00:21 +0000

It often seems easy to know when the next big thing is upon us. Someone like Steve Jobs or Elon Musk stands on stage and tells us what they are planning to launch. The business press gets excited, pundits swoon and a thousand imitators are created. Before long an ecosystem develops and the world is forever changed.

In reality though, things are much murkier than that. Innovation is a process of discovery, engineering and transformation and it is only the last part that is visible to most of us. The seeds of a revolution start long before, in obscure labs and at conferences with high priests presenting papers written in arcane vernacular.

Since the 1950s, the engine that’s driven new knowledge to, as Vannevar Bush put it, “turn the wheels of private and public enterprise,” has been the federal government. Still, the process of moving new discoveries out of government labs and into the marketplace has been slow and cumbersome, but a new model holds promise for greatly accelerating breakthrough innovation.

The Birth Of JCESR

Since the beginning of the new century, wind and solar technologies have been moving fast, increasing efficiency at an exponential rate comparable to that of computer chips. Similar advances in electric cars pointed toward the possibility of a future beyond the fossil fuels. Yet in both cases, battery technology proved to be a choke point.

Both wind and solar need backups for when the wind isn’t blowing and the sun isn’t shining. Electric cars need batteries powerful enough to quell “range anxiety” and cheap enough to make them cost-competitive with gasoline-powered engines. For both the grid and transportation, it’s been estimated that battery costs need to come down to $100/Kw/hour to make a clean energy future viable.

It was also becoming clear that a replacement needed to be found for the current lithium-ion technology, which has been the gold standard for nearly 40 years and is nearing its theoretical limits. That was the impetus for the creation of the Joint Center for Energy Storage Research (JCESR) in 2012, an innovative partnership between the Department of Energy, academic labs and private industry.

The idea behind JCESR is that in order to accelerate innovation you need to strengthen links between discovery and commercialization. Scientists need feedback from private industry so that they can focus their efforts on the ideas with the most potential in the marketplace, while private companies need insight into current research in order to prepare for the future.

Today, five years later, the model seems to be an enormous success.

Processes Before Products

Developing new battery chemistry is generally a long, painstaking process. Literally thousands of materials need to be tested in order to identify even a few promising candidates. Then, those components need to be evaluated to see if they can be made into a safe, viable battery that will be both more powerful and cheaper than existing products.

So the scientists at JCESR realized that before they could start coming up with a better battery, they needed to innovate the research process. So they started by building new tools, including materials and electrolyte genomes as well as techno-economic modeling to test the market viability of an idea before further work is done on it.

“The triumph of the materials genome approach is that it let us discard 98% of the possibilities and pare it down to just a few really promising candidates,” George Crabtree, Director of JCESR, told me. That, along with the techno-economic modeling helped save enormous amounts of time and resources that would otherwise be spent going down blind alleys.

These tools provide value far beyond government and academic labs. Because JCESR is a public-private partnership, involving about a hundred partner companies which range from large enterprises to small startups, firms across the country are using them to speed up their own development.

A Nascent Revolution

Today, JCESR is coming to the end of its original 5-year mission and it has exceeded all expectations. Initially, it was expected to come up with two viable prototypes, but it actually has come up with four — two for the grid and two for transportation. There is still much work to be done, but we’re eons closer to a clean energy future than we were.

The program has also helped to spin off a number of promising startups, including Baseload Renewables, Blue Current and Sepion Technologies, with many more likely to come. Going from basic research in the lab to a technology advanced enough to attract private investment in less than five years is unusual, but to do it three times over is even more impressive.

Probably most importantly, the program has shown what can be achieved through greater collaboration between the government, academic labs and private, profit-seeking companies. Historically, these have held each other at arm’s length, which slows down innovation considerably, but at JCESR, they each inform the other, greatly accelerating the innovation process.

“Usually discovery propagates at the speed of publication,” JCESR’s Crabtree told me. “But here, we can operate within the time frame of the next coffee break.”

Where Do We Go From Here?

Energy storage is one of the most profound problems facing us today, but it is far from the only one. Climate change, food sustainability, healthcare and many other pressing issues need radically new solutions. There are also a number of powerful new technologies, such as genomics, nanotechnology and robotics, that can redefine what we thought was possible.

Look at any significant modern technology and much, if not all, of the initial scientific work was funded by a government program. In fact, Google itself began with a National Science Foundation grant. Still, historically the process of getting those discoveries translated into marketable products has been slow, usually taking decades.

The JCESR model offers a great blueprint for the future. Innovation is always about networks rather than nodes and it is essential that we learn how to build those connections faster. Building intense collaboration between government labs, academic institutions and private businesses will be key to maintaining our technological and competitive edge.

Unfortunately, we seem to be going in the opposite direction. Since its peak in 1964, federal investment in R&D has fallen from nearly 12% of the total federal budget to less than 4% and, in the current political climate, support for research is likely to diminish even further. That is going to make it much harder to maintain critical programs like JCESR.

The Grand Tor: How to Go Anonymous Online
http://greatresponder.com/2017/12/09/the-grand-tor-how-to-go-anonymous-online/
Sat, 09 Dec 2017 12:37:38 +0000

Fifteen years have passed since a couple of MIT grads and a Navy-funded researcher first built The Onion Router, or Tor, a wild experiment in granting anonymity to anyone online. Today, Tor has millions of users. The original project has been endlessly hacked on, broken, and fixed again. While imperfect, it remains the closest thing to a cloak of anonymity for internet users with a high sensitivity to surveillance, without needing serious technical chops. And it’s stronger and more versatile than ever before.

Tor protects your identity online—namely your IP address—by encrypting your traffic in at least three layers and bouncing it through a chain of three volunteer computers chosen among thousands around the world, each of which strips off just one layer of encryption before bouncing your data to the next computer. All of that makes it very difficult for anyone to trace your connection from origin to destination—not the volunteer computers relaying your information, not your internet service provider, and not the websites or online services you visit.

Earlier this month, Tor announced an update to its so-called onion services, which use Tor’s anonymizing features to hide not just individual people on the web, but servers too, allowing for so-called dark web or darknet sites and other services that can’t be physically traced to any locatable computer. Beyond merely covering your tracks as you visit websites, the new feature has opened Tor up to a new range of applications, enabling a new generation of whistleblowing platforms and new forms of untraceable messaging. Tor’s update has made those onion services less easily discovered and strengthened their encryption.

That overhaul should cement Tor’s reputation as an indispensable anonymity tool, says Marc Rogers, a security researcher for tech firm Cloudflare, who has also worked on a still-in-development Tor-based network router project himself. “It’s still pretty much the only game in town,” he says. “After this update, I can say that yes, Tor is the best privacy tool out there.”

Here’s how you can use Tor today, whether you want to browse controversial sites in peace, or send messages the NSA can’t peep.

Web Browsing

The most basic—and by far the most common—way to use Tor is to simply download, install, and run the TorBrowser from the Tor Project’s website. Like other Tor apps, it routes all its traffic over Tor, so that you’re browsing the web truly incognito: The sites you’re visiting see you as emerging from a random point on the internet and thus can’t trace your true IP address or your associated identity.

Aside from making government or other targeted surveillance much more difficult, the TorBrowser also functions as a powerful anti-censorship tool for people in countries like Iran and China, since it hides any direct connection to domains like Google, Facebook, and Twitter that oppressive regimes often block. Be aware, however, that the final computer routing your traffic to a destination website in that three-hop system, known as an “exit node,” can see all of your activity as you connect to a website, even if it doesn’t know where that activity comes from. Privacy experts warn that law enforcement, intelligence services, and malicious hackers run their own exit nodes for exactly that surveillance purpose. It’s critical, then, for Tor users to only visit HTTPS-protected websites to ensure that the information that passes between the browser and the site remains encrypted.
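
The three-layer wrapping described earlier and the exit-node exposure described above can be seen in one small model. This is an added example, not Tor's code, cell format or key exchange: the SHA-256 keystream is a toy cipher, the pre-shared per-relay keys and relay names are assumptions, and the payload is constructed.

```python
import hashlib
import os


def keystream_xor(key, nonce, data):
    """Toy stream cipher for illustration only: XOR with SHA-256(key || nonce || counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(key, next_hop, inner):
    """Add one layer: encrypt (next hop name + inner blob) under one relay's key."""
    nonce = os.urandom(16)
    hop = next_hop.encode()
    plain = len(hop).to_bytes(1, "big") + hop + inner
    return nonce + keystream_xor(key, nonce, plain)


def peel(key, layer):
    """Strip one layer: returns (next hop name, blob to forward)."""
    nonce, body = layer[:16], layer[16:]
    plain = keystream_xor(key, nonce, body)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def build_onion(payload, destination, circuit):
    """Client side. circuit is an ordered list of (relay_name, key): guard, middle, exit."""
    hops = [name for name, _ in circuit[1:]] + [destination]
    blob = payload
    # Innermost layer is for the exit relay, outermost for the guard.
    for (_, key), next_hop in zip(reversed(circuit), reversed(hops)):
        blob = wrap(key, next_hop, blob)
    return blob


def route(onion, circuit):
    """Relay side. Records what each relay learns: who handed it the blob,
    where it must send it next, and the bytes it forwards."""
    observations, prev, blob = [], "client", onion
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        observations.append({"relay": name, "from": prev, "to": next_hop, "forwards": blob})
        prev = name
    return observations


def demo():
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    # Constructed plain-HTTP request; with HTTPS this would itself be TLS ciphertext,
    # so the exit would still learn the destination but not the content.
    payload = b"GET /account?user=alice HTTP/1.1"
    onion = build_onion(payload, "example.org:80", circuit)
    return payload, route(onion, circuit)


if __name__ == "__main__":
    payload, observations = demo()
    for o in observations:
        print(f'{o["relay"]:>6}: from={o["from"]:<6} to={o["to"]:<14} '
              f'sees payload in clear: {payload in o["forwards"]}')
```

In the output, only the guard sees the client, only the exit sees the destination, and the exit alone forwards the request in the clear.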

Some popular websites have now even started to run their own Tor onion services, including Facebook and ProPublica. That means they’re essentially hosting a site on Tor’s network, so that you can visit through the TorBrowser and your traffic remains encrypted all the way to its destination, with no need to trust an exit node.

Messaging

It’s easy to route not just your web browsing over Tor, but instant messaging, too. The Tor Project offers a program called Tor Messenger, which allows you to combine Tor with the chat protocols Jabber, IRC, Google Talk, and others. That means your connection to whatever server is running that chat service routes over Tor, so that the server can’t in theory identify your IP address or location.

Another app called TorChat goes a step further, allowing you to instant message using servers that themselves run as Tor onion services, which can only receive incoming connections through Tor. With that setup, anyone who might want to compromise the messages can’t locate the servers that host them. And a next-generation tool called Ricochet takes the IM implementation of Tor yet another step, cutting servers out of the picture altogether. Instead, it turns your computer (or the computer of the person you’re talking to) into an onion service, so that you can connect directly through Tor without any middleman.

A slower but more widely used and well-audited way to route communications over Tor is SecureDrop. Taking a cue from WikiLeaks and originally coded by the late internet activist Aaron Swartz, SecureDrop allows anyone to host an anonymous dropbox for sensitive information. Dozens of news organizations now use it to solicit tips and leaked documents from whistleblowers, including The New York Times, The Washington Post, The Guardian, and of course WIRED.

For larger file transfers, an application called OnionShare essentially allows anyone to turn their computer into an onion service that anyone can connect to directly to download files, just as they might from a website—but without leaving any trace of their identity.

Everything Else

Instead of trying to route any particular app over Tor, why not route all your internet data over the Tor network? That’s the pitch of products like Anonabox and Invizbox, small, portable routers that run Tor and are designed to siphon every packet that leaves or enters your computer over that protected network. But those routers—particularly Anonabox—have been criticized for security flaws.

Some security experts warn against routing all your data over Tor anyway. While Tor can effectively hide your IP address, the regular course of anyone’s web browsing invariably includes sharing identifying details, which could defeat the purpose of using an anonymity tool in the first place.

Better still, in those cases, is an entire Tor-based operating system called Tails, an acronym for The Amnesiac Incognito Live System. The primary benefit of Tails has more to do with security than privacy; you can run it off of a USB drive, which once removed, leaves no trace on the computer that ran it, making it virtually impossible to install malware on the user’s machine. But as an added bonus, it also routes all data over Tor, adding an extra layer of anonymity. The system is secure enough that it’s been listed as a trouble spot for the NSA in documents leaked by Edward Snowden—and Snowden has also said that he uses it himself to avoid surveillance by his former employer.

Take These 7 Steps Now to Reach Password Perfection
http://greatresponder.com/2017/12/09/take-these-7-steps-now-to-reach-password-perfection/
Sat, 09 Dec 2017 12:37:11 +0000

Your passwords are a first line of defense against many internet ills, but few people actually treat them that way: Whether it’s leaning on lazy Star Wars references or repeating across all of your accounts—or both—everyone is guilty of multiple password sins. But while they’re an imperfect security solution to begin with, putting in your best effort will provide an immediate security boost.

Don’t think of the following tips as suggestions. Think of them as essentials, as important to your daily life as brushing your teeth or eating your vegetables. (Also, eat more vegetables.)

1. Use a password manager. A good password manager, like 1Password or LastPass, creates strong, unique passwords for all of your accounts. That means that if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services. The best ones sync across desktop and mobile, and have autocomplete powers. Now, rather than having to memorize dozens of meticulously crafted passwords, you just have to remember one master key. How do you make it as robust as possible? Read on.

2. Go long. Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity. Once you get into the 12-15 character range, it becomes way harder for a hacker to brute force, much less guess, your password. One caveat: Don’t just string together pop culture references or use simple patterns. Mix it up! Live a little! A quick for instance: “g0be@r$” does you way less favors than “chitown banana skinnydip.”

3. Keep ’em separated. If and when you do deploy those special characters—which, if you opt against a password manager, lots of input fields will force you to—try not to bunch them all together at the beginning or end. That’s what everyone else does, which means that’s what bad guys are looking for. Instead, space them out throughout your password to make the guesswork extra tricky.

4. Don’t change a thing. You know how your corporate IT manager keeps making you change your password every three months? Your corporate IT manager is wrong. The less often you change your password, the less likely you are to forget it, or to fall into patterns—like just changing a number at the end each time—that make them easier to crack.

5. Single-serve only. If you’re on the password manager train, you’re already all over this. But if you can’t be bothered, at the very least make sure that you don’t reuse passwords across different accounts. If you do, a retailer breach you have no control over could end up costing your banking password. See for yourself: The website Have I Been Pwned has nearly 5 billion compromised accounts on file—if yours is one of them, there’s a chance your favorite password might already be toast.

6. Don’t trust your browser. A convenient shortcut to remembering all those passwords, or getting a paid password manager account, is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.

7. Add two-factor too. Hate to say it, but these days not even a password is enough. Many of the services you use today—social networks, banks, Google, and so on—offer an added layer of protection. It can come in the form of a code sent to your phone via SMS, or if you want to step it up, through software solutions like Google Authenticator or hardware like a YubiKey. SMS should be enough for most people; just know that like many entry level security precautions, it’s not perfect.
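The length-versus-complexity claim in tip 2 and the placement advice in tip 3, worked through as an added example (not part of the original article). It assumes a naive brute-force model over printable-ASCII character classes; the function names, the alphabet sizes, and the sample string `Password!!` are choices of this example.

```python
import math
import string

# Character classes and their sizes are assumptions of this example
# (printable ASCII only); a real attacker's alphabet may differ.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
    "space": {" "},                         # 1
}


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def brute_force_bits(password):
    """log2 of the guesses needed to exhaust every string of this length
    over the covering alphabet. This is an upper bound: guessable words
    and patterns (the caveat in tip 2) shrink the real search space.
    Characters outside the ASCII classes above are not counted."""
    size = alphabet_size(password)
    if size == 0:
        return 0.0
    return len(password) * math.log2(size)


def lowercase_length_to_match(length, alphabet=94):
    """Shortest lowercase-only length whose brute-force space is at least
    that of `length` characters drawn from an `alphabet`-symbol set."""
    target_bits = length * math.log2(alphabet)
    return math.ceil(target_bits / math.log2(26))


def specials_bunched_at_ends(password):
    """True when every symbol sits in one run touching the start or the
    end of the password, the habit tip 3 warns against."""
    idx = [i for i, c in enumerate(password) if c in CLASSES["symbol"]]
    if not idx:
        return False
    contiguous = idx[-1] - idx[0] + 1 == len(idx)
    return contiguous and (idx[0] == 0 or idx[-1] == len(password) - 1)


if __name__ == "__main__":
    # The two passwords quoted in tip 2, plus one constructed sample.
    for pw in ["g0be@r$", "chitown banana skinnydip", "Password!!"]:
        print(
            f"{pw!r}: length={len(pw)}, alphabet={alphabet_size(pw)}, "
            f"bits={brute_force_bits(pw):.1f}, "
            f"symbols bunched at ends={specials_bunched_at_ends(pw)}"
        )
    # An 8-character password using all 94 printable symbols is matched
    # by a lowercase-only password of this many characters.
    print("lowercase length matching 8 complex chars:",
          lowercase_length_to_match(8))
```

Under this model the short, symbol-heavy password from tip 2 has a far smaller search space than the long lowercase phrase, and twelve lowercase characters already match eight characters drawn from the full keyboard.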

The Thomas Fire spread through the hills above Ventura, in the northern greater Los Angeles megalopolis, with the speed of a hurricane. Driven by 50 mph Santa Ana winds—bone-dry katabatic air moving at freeway speeds out of the Mojave desert—the fire transformed overnight from a 5,000-acre burn in a charming chaparral-lined canyon to an inferno the size of Orlando, Florida, that only stopped spreading because it reached the Pacific. Tens of thousands of people evacuated their homes in Ventura; 150 buildings burned and thousands more along the hillside and into downtown are threatened.

That isn’t the only part of Southern California on fire. The hills above Valencia, where Interstate 5 drops down out of the hills into the city, are burning. Same for a hillside of the San Gabriel Mountains, overlooking the San Fernando Valley. And the same, too, near the Mount Wilson Observatory, and on a hillside overlooking Interstate 405—the flames in view of the Getty Center and destroying homes in the rich-people neighborhoods of Bel-Air and Holmby Hills.

And it’s all horribly normal.

Southern California’s transverse ranges—the mostly east-west mountains that slice up and define the greater Los Angeles region—were fire-prone long before there was a Los Angeles. They’re a broken fragment of tectonic plate, squeezed up out of the ground by the Pacific Plate on one side and the North American on the other, shaped into the San Gabriels, the Santa Monica Mountains, the San Bernardino Mountains. Even the Channel Islands off Ventura’s coast are the tippy-tops of a transverse range.

Santa Anas notwithstanding, the transverse ranges usually keep cool coastal air in and arid desert out. Famously, they’re part of why the great California writer Carey McWilliams called the region “an island on the land.” The hills provided hiding places for cowboy crooks, hiking for the naturalist John Muir, and passes both hidden and mapped for natives and explorers coming from the north and east.

With the growth and spread of Los Angeles, fire became even more part of Southern California life. “It’s almost textbook. It’s the end of the summer drought, there has not been a lot of rain this year, and we’ve got Santa Ana winds blowing,” says Alexandra Syphard, an ecologist at the Conservation Biology Institute. “Every single year, we have ideal conditions for the types of wildfires we’re experiencing. What we don’t have every single year is an ignition during a wind event. And we’ve had several.”

Before humans, wildfires happened maybe once or twice a century, long enough for fire-adapted plant species like chaparral to build up a bank of seeds that could come back after a burn. Now, with fires more frequent, native plants can’t keep up. Exotic weeds take root. “A lot of Ventura County has burned way too frequently,” says Jon Keeley, a research ecologist with the US Geological Survey at the Sequoia and Kings Canyon Field Station. “We’ve lost a lot of our natural heritage.”

Fires don’t burn like this in Northern California. That’s one of the things that makes the island on the land an island. Most wildfires in the Sierra Nevadas and northern boreal forests are slower, smaller, and more easily put out, relative to the south. (The Napa and Sonoma fires this year were more like southern fires—wind-driven, outside the forests, and near or amid buildings.) Trees buffer the wind and burn less easily than undergrowth. Keeley says northern mountains and forests are “flammability-limited ecosystems,” where fires only get big if the climate allows it—higher temperatures and drier conditions providing more fuel. Climate change makes fires there more frequent and more severe.

Southern California, on the other hand, is an “ignition-limited ecosystem.” It’s always a tinderbox. The canyons that cut through the transverse ranges align pretty well with the direction of the Santa Ana winds; they turn into funnels. “Whether or not you get a big fire event depends on whether humans ignite a fire,” he says.

And there are just a lot more humans in Southern California these days. In 1969 Ventura County’s population was 369,811. In 2016 it was 849,738—a faster gain than the state as a whole. In 1970 Los Angeles County had 7,032,000 people; in 2015 it was 9,827,000. “If you look historically at Southern California, the frequency of fire has risen along with population growth,” Keeley says. Though even that has a saturation point. The number of fires—though not necessarily their severity—started declining in the 1980s, maybe because of better fire fighting, and maybe because with more people and more buildings and roads and concrete, there’s less to burn.

As Syphard told me back at the beginning of this year’s fire season, “The problem is not fire. The problem is people in the wrong places.”

Like most fresh-faced young actors in Southern California, the idea of dense development is a relatively recent arrival. Most of the buildings on the island on the land are low, metastasizing in a stellate wave across the landscape, over the flats, up the canyons, and along the hillsides. In 1960 Santa Paula, where the Thomas Fire in Ventura started, was a little town where Santa Paula Canyon hit the Santa Clara River. Today it’s part of greater Ventura, stretching up the canyon, reaching past farms along the river toward Saticoy.

So the canyons are perfect places for fires. They’re at the Wildland-Urban Interface, developed but not too developed. Wall-to-wall hardscape leaves nothing to burn; no buildings at all means no people to provide an ignition source. But the hills of Ventura or Bel-Air? Firestarty.

As the transverse ranges defined Southern California before Los Angeles and during its spasmodic growth, today it’s defined by freeways. The mountains shape the roads—I-5 coming over the Grapevine through Tejon Pass in the Tehachapis, the 101 skirting the north side of the Santa Monica Mountains, and the 405 tucking through them via the Sepulveda Pass. The freeways, names spoken as a number with a “the” in front, frame time and space in SoCal. For an Angeleno like me, reports of fires closing the 101, the 210, and the 405 are code for the end of the world. Forget Carey McWilliams; that’s some Nathanael West stuff right there—the burning of Los Angeles from Day of the Locust, the apocalypse that Hollywood always promises.

It won’t be the end end, of course. Southern California zoning and development are flirting, for now at least, with density, accommodating more people, dealing with the state’s broad crisis in housing, and incidentally minimizing the size of the wildland interface. No one can unbuild what makes the place an island on the land, but better building on the island might help stop the next fires before they can start.

What’s Driving Walmart’s Digital Focus? Paranoia, Top Exec Says
http://greatresponder.com/2017/12/07/whats-driving-walmarts-digital-focus-paranoia-top-exec-says/
Thu, 07 Dec 2017 06:37:08 +0000

The biggest company in the world has a chip on its shoulder right now—and that’s probably a good thing. Why? The ever-growing challenge from online retailers is pushing Walmart to be a much better operator in the digital world.

“For us, a big part of it is being paranoid,” said Walmart chairman Greg Penner on Thursday at the Fortune Global Forum in Guangzhou, China. “We’re at our best when we’ve got a competitor that’s really challenging us.”

If so, the mega-retailer is doubly blessed: It now has two mammoth online retailers targeting its core business.

For quite some time, Walmart, No. 1 on Fortune’s Global 500 list of the world’s largest companies with $486 billion in sales last year, has been working to adjust its strategy to reckon with the threat posed by Amazon.com.

The so-called Everything Store had more than 50% of all online retail sales in the U.S. last year and continues to expand at a blistering pace. With its acquisition earlier this year of Whole Foods, Amazon served notice that it is bringing the fight for consumers to Walmart on its own turf—physical stores. Amazon’s market value has risen above $550 billion, significantly above Walmart’s stock market value of around $290 billion despite strong returns for Walmart’s shares this year.

In China, Walmart now has another potent competitor getting into the stores business: Chinese online retail titan Alibaba.

Alibaba announced in November that it was investing $2.9 billion to acquire a 36% stake in Chinese hypermarket operator Sun Art, which has some 400 stores in China similar in scale to Walmart’s superstores. As with Amazon and Whole Foods, Alibaba plans to create a connected retail experience for shoppers between their smartphones and their neighborhood stores.

It’s the same strategy Walmart is pursuing, but in reverse: Amazon and Alibaba want to bring their huge customer bases into stores; Walmart wants to persuade the shoppers who frequent its nearly 12,000 stores globally to do more of their digital shopping with Walmart as well.

The retail business is no longer bifurcated between physical and digital, said Penner. The best way to win customers in the future is going to be by offering a sophisticated mix of both options.

“Customers aren’t going to care where products came from,” said Penner. “They just want a seamless experience. So that’s what we’re trying to solve for.”

Walmart has made significant digital inroads since its acquisition of Jet.com last year. In its most recent quarter, the company grew its online sales by 50%. Walmart.com now sells some 70 million items—triple its number of offerings a year ago.

Penner told the audience at the Fortune Global Forum that the deal allowed the company to scale up faster. It can now reach 90% of consumers in China, he said. And shoppers can order items on the JD.com platform, have them picked from shelves in Walmart’s stores, and delivered within an hour.

“We went all in with that strategy,” said Penner. “We just felt we had to be part of a bigger ecosystem.”

Alibaba’s latest move presents a big, new challenge to Walmart’s business in the Chinese market—and more of the adversity that Penner says the company thrives on.

Why China’s ‘Copycat’ Image Is Beginning to Fade
http://greatresponder.com/2017/12/06/why-chinas-copycat-image-is-beginning-to-fade/
Wed, 06 Dec 2017 06:37:10 +0000

Neil Shen knows a thing or two about what makes a successful entrepreneur.

Shen, who started his career as an investment banker, co-founded Chinese travel services provider Ctrip.com and went on to become the founding partner of Sequoia Capital China. He was also an early investor in one of the hottest companies in China at the moment called Meituan, a local services platform often referred to as the Groupon of China.

“When Meituan first launched, they did try to learn from the Groupon model in the U.S.,” he said at Fortune’s Brainstorm Tech International conference in Guangzhou, China on Wednesday. “In the last few years, Meituan’s business model shifted in a way that makes it unique. It doesn’t have a U.S. comparable.”

Many U.S. companies tend to focus on the home market because it’s “a big, rich market,” so why look elsewhere? “The historical experience is that if you conquer America, you can conquer the world,” he said. “But that’s starting to change.”

Over the years, Chinese entrepreneurs have gained a reputation of simply being copycats of American technology. That image is beginning to fade. In fact, Shen says the opposite is happening.

“Yes, a lot of U.S. companies still think China is about copycats, which is a totally, totally wrong perception,” he said. “I would suggest that U.S. companies should actually try to learn from China.”

Shen used Meituan as an example. Although it was inspired by Groupon, it evolved beyond Groupon’s ambitions. Meituan started out as a group-buying site, but it has quickly become the world’s largest online and on-demand delivery platform. It recently announced that it would launch a ride-hailing service of its own in China to compete against local giant Didi Chuxing.

“In the last few years, the mobile Internet has given the Chinese entrepreneur the chance to prove they are the original creator of those models,” Shen said.

Ethiopian Espionage Shows Commercial Spyware Is Out of Control
http://greatresponder.com/2017/12/06/ethiopian-espionage-shows-commercial-spyware-is-out-of-control/
Wed, 06 Dec 2017 06:37:09 +0000

Throughout 2016 and 2017, individuals in Canada, United States, Germany, Norway, United Kingdom, and numerous other countries began to receive suspicious emails. It wasn’t just common spam. These people were chosen.

WIRED Opinion: Ronald Deibert (@rondeibert) is professor of political science and director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs.

The emails were specifically designed to entice each individual to click a malicious link. Had the targets done so, their internet connections would have been hijacked and surreptitiously directed to servers laden with malware designed by a surveillance company in Israel. The spies who contracted the Israeli company’s services would have been able to monitor everything those targets did on their devices, including remotely activating the camera and microphone.

Who was behind this global cyber espionage campaign? Was it the National Security Agency? Or one of its “five eyes” partners, like the GCHQ or Canada’s CSE? Given that it was done using Israeli-made technology, perhaps it was Israel’s elite signals intelligence agency, Unit 8200?

In fact, it was none of them. Behind this sophisticated international spying operation was one of the poorest countries in the world; a country where less than 5 percent of the population has access to the internet; a country run by an autocratic government routinely flagged for human rights abuses and corruption. Behind this operation was… Ethiopia.

The details of this remarkable clandestine activity are outlined in a new Citizen Lab report published today entitled “Champing at the Cyberbit.” In our report my co-authors and I detail how we monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open. That log file provided us with a window, for roughly a year, into the attackers’ activities, infrastructure, and operations. Strong circumstantial evidence points to one or more government agencies in Ethiopia as the responsible party.

We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics. Our access also allowed us to enumerate the countries in which the targets were located. Many of the countries in which the targets live—the United States, Canada, and Germany, among others—have strict wiretapping laws that make it illegal to eavesdrop without a warrant. It seems individuals in Ethiopia broke those laws.

If a government wants to collect evidence on a person in another country, it is customary for it to make a formal legal request to other governments through a process like the Mutual Legal Assistance Treaties. Ethiopia appears to have sidestepped all of that. International norms would suggest a formal démarche to Ethiopia from the governments whose citizens it monitored without permission, but that may happen quietly if at all.

Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others. Along with NSO Group, it’s the second Israel-based company whose technology has been used in this way.

Israel does regulate the export of commercial spyware abroad, although apparently not very well from a human-rights perspective. Cyberbit was able to sell its services to Ethiopia—a country with not only a well-documented history of governance and human rights problems, but also a track record of abusing spyware. When considered alongside the extensive reporting we have done about UAE and Mexican government misuse of NSO Group’s services, it’s safe to conclude Israel has a commercial spyware control problem.

How big of a problem? Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit’s products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan’s National Security Service, Zambia’s Financial Intelligence Centre, and the Philippine president’s Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.

Cyberbit, for its part, has responded to Citizen Lab’s findings: “Cyberbit Solutions offers its products only to sovereign governmental authorities and law enforcement agencies,” the company wrote me on November 29. “Such governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions.” The company declined to confirm or deny that the government of Ethiopia is a client, but did note that “Cyberbit Solutions can confirm that any transaction made by it was approved by the competent authorities.”

Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valued at $7 billion. An investment firm recently sought to acquire a partial stake in NSO Group for a reported $400 million before eventually withdrawing its offer.

Of course, these companies insist that spyware they sell to governments is used exclusively to fight terrorists and investigate crime. Sounds reasonable, and no doubt many do just that. But the problem is when journalists, academics, or NGOs seek to expose corrupt dictators or hold them accountable, those truth tellers may then be labelled criminals or terrorists. And our research has shown that makes those individuals and groups vulnerable to this type of state surveillance, even if they live abroad.

Indeed, we discovered the second-largest concentration of successful infections of this Ethiopian operation is located in Canada. Among the targets whose identities we were able to verify and name in the report, what unites them all is their peaceful political opposition to the Ethiopian government. Except one. Astoundingly, Citizen Lab researcher Bill Marczak, who led our technical investigation, was himself targeted at one point by the espionage operators.

Countries sliding into authoritarianism and corruption. A booming and largely unregulated market for sophisticated surveillance. Civilians not equipped to defend themselves. Add these ingredients together, and you have a serious crisis of democracy brewing. Companies like Cyberbit market themselves as part of a solution to cyber security. But it is evident that commercial spyware is actually contributing to a very deep insecurity instead.

Remedying this problem will not be easy. It will require legal and policy efforts across multiple jurisdictions and involving governments, civil society, and the private sector. A companion piece to the report outlines some measures that could hopefully begin that process, including application of relevant criminal laws. If the international community does not act swiftly, journalists, activists, lawyers, and human rights defenders will be increasingly infiltrated and neutralized. It’s time to address the commercial spyware industry for what it has become: one of the most dangerous cyber security problems of our day.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints.